W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: new version trusted-proxy20 draft

From: Mikael Abrahamsson <swmike@swm.pp.se>
Date: Mon, 24 Feb 2014 13:18:04 +0100 (CET)
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <alpine.DEB.2.02.1402241313570.747@uplift.swm.pp.se>
On Mon, 24 Feb 2014, Ilari Liusvaara wrote:

> Doing encrypted caching... That would require client and server to
> share state.

Well, yes, but my thinking was that the key to decrypt this object could 
be shared over a control channel. If login is required to the site then 
only clients would get this key after login.

> Encrypting arbitrary data in upstream direction is doable. Question is, 
> what can be encrypted without causing smuggling issues.

I'd guess as soon as encryption is employed, smuggling is always possible. 
But if the proxy owner wants for instance to emply whitelists of what 
sites are allowed then hopefully this whitelist would only allow sites 
where smuggling is unlikely.

> Such system does not necressarily have to modify upstream/downstream 
> data, just be able to reject requests.

Well, it still needs to inspect the data so it still needs to decrypt it. 
I agree that it doesn't need to possibility of modifying it and delivering 
it to the client with proper encryption/signature, it just has to refuse 
to serve it.

Mikael Abrahamsson    email: swmike@swm.pp.se
Received on Monday, 24 February 2014 12:18:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC